Nations can no longer afford to go it alone on cyber-security

Cyber-crime knows know borders, so nor should our defences.

Senior representatives from more than 90 governments met in Seoul recently to discuss cyber-space, including cyber-security and cyber-crime. It was the third in a series of international conferences that has followed a push from the UK government to bring a more international perspective to discussions about how to keep cyber-space open while addressing threats.

Cyber-crime does not operate in a world confined by national borders so an international response is our only option. We need to cooperate to protect devices and information infrastructures from malicious entities seeking to steal secrets, deny access to critical services and exploit our identities to commit crimes.

Vulnerable businesses
There is much work to be done. Weaknesses in infrastructures, policy and operations leave us vulnerable and threats to businesses and individuals are frequent and damaging. For example, a sophisticated malicious software recently infected a PC at a small British bakery, then managed to bypass all of the business’s online banking security software and steal £20,000. There is no end to the news of malware, viruses and spam that affect online accounts and home computers.

Recent research indicates that four in five of the UK’s largest quoted companies are unprepared for cyber attacks. The widely reported threats to systems within finance and banking are an uneasy reminder of our vulnerability – and a key priority of the Bank of England and other financial regulators. Even those companies that you might expect to see outsmarting cyber-criminals are not immune. Just a few weeks ago software company Adobe admitted that its system had been hacked and that data from nearly 3 million customers had been stolen. Now there are reports of ransomware attacks across companies in East London’s hi-tech cluster of businesses.

Currently, too many decisions relating to cyber-security rely on inadequate evidence, inconsistent data, deficient reporting and varying rules across networks and systems. This inconsistency on data is apparent in UK government. Two years ago the UK Cabinet Office published a study by Detica, which estimated that cyber-crime costs the UK economy £27bn per year. It gave a breakdown by business sector and type of crime. This type of data is critical for governments, businesses and technology companies to plan appropriate security responses. However, a 2012 study undertaken by Professor Ross Anderson and colleagues for the Ministry of Defence calculated that a more realistic estimate would be closer to £12bn, distributed in significantly different ways to the Detica claims. This would suggest a different pattern of appropriate responses.

Defence beyond borders
A report to which I contributed, Now for the Long Term calls for the creation of an information exchange - CyberEx - to start tackling these issues. It could be funded by governments and businesses with an interest in collecting and analysing data on cyber-attacks to inform their own decisions about cyber-security. Each could share their own information and coordinate with others on responses to international threats. CyberEx could identify weaknesses in the global system, flag up suspicious Internet traffic and malicious software and help countries and businesses develop technical standards for their cyber-security efforts.

It could seek to minimise common vulnerabilities that enable the theft of sensitive information and the distribution of spam through systems, and work closely with international and domestic agencies to prevent common system attacks. The platform could also provide a useful mechanism for stakeholders to work together on responses to collective concerns, such as privacy protection. By providing an accessible, open platform for information exchange, CyberEx could help governments, businesses and individuals to better understand common threat patterns, identify preventative measures and minimise future attacks.

But you are only as strong as your weakest link, so CyberEx would also need to help developing countries improve their cyber infrastructure. For example, Professor Anderson’s MoD study concluded that significant numbers of “stranded traveller” scams and Advance Fee Frauds originate in West Africa, particularly Nigeria.

We are at the start of conversations with interested parties on the potential for CyberEx, so the details of how and where the exchange would be hosted are still to be worked out. The report’s recommendation is a starting point but it is an important one. It could move us closer to using an exchange platform to counter common but high-risk cyber threats. It is a conversation that must continue if we are to meet the challenges posed by increased societal dependence on information infrastructures.

Ian Brown receives funding from the UK Research Councils (currently EPSRC), the European Commission, and BT. He is on the advisory councils of the Open Rights Group, Privacy International and the Foundation for Information Policy Research.

This article was originally published at The Conversation. Read the original article.

The Conversation

We can't fight cyber-crime by ourselves. (Photo: Getty)
Getty/New Statesman
Show Hide image

Pupils need internet classes? Here are 41 lessons they should learn

Forget privacy and security, here's what to do when a black and blue dress looks white and gold. 

It is imperative that children are taught how to survive and thrive on the internet, claims a new House of Lords report. According to the Lords Communication Committee, pupils need to learn how to stay safe, avoid addictive games, and become “digitally literate”.

It’s hard to argue with the report, which is a great step forward in acknowledging that the internet now basically = life. Yet although it is crucial that children learn how to stay private and secure online, there are also some equally crucial and not-at-all-flippant pieces of information that the youth urgently need to know. Here are the first 41 lessons in that curriculum.

  1. To figure out how much to donate towards your mate’s charity half-marathon, half X OR double Y, where X is the amount paid by their mum and Y is the amount donated by your closest rival, Becky
  2. Don’t mention that it’s snowing
  3. If – for some reason – you talk about bombs in a Facebook message, follow this up with “Hi Theresa May” in case Theresa May is looking, and then Theresa May will think you are just joking
  4. If you are on a train and you are annoyed about the train, do not tweet @ the social media manager who runs the account for the train, because they are not, in fact, the train
  5. If a Facebook meme starts “Only 10 per cent of people can get this puzzle right” – know that lies are its captain
  6. It’s not pronounced me-me
  7. Never say me-me nor meem, for they should not be discussed out loud
  8. People can tell if you’ve watched their Instagram stories
  9. People can’t tell if you’ve waded back through their Zante 2008 album and viewed all 108 photos
  10. People can tell if you’ve waded back through their Zante 2008 album and viewed all 108 photos if you accidentally Like one – in this circumstance, burn yourself alive
  11. Jet fuel can melt steel beams
  12. If a dog-walking photo is taken in the woods and no one uploads it; did it even happen?
  13. Google it before you share it
  14. Know that Khloe Kardashian does not look that way because of a FitTea wrap
  15. Do not seek solace in #MondayMotivation – it is a desolate place
  16. Respect JK Rowling
  17. Please read an article before you comment about a point that the article specifically rebutted in great detail in order to prepare for such comments that alas, inevitably came
  18. Don’t be racist, ok?
  19. Never, under any circumstances, wade into the Facebook comment section under an article about Jeremy Corbyn
  20.  If a dress looks white and gold to some people and black and blue to some others, please just go outside
  21. Open 200 tabs until you are crippled with anxiety. Close none of the tabs
  22. Despite the fact it should make you cringe, “smol puppers” is the purest evolution of language. Respect that
  23. Take selfies, no matter what anyone says
  24. Watch Zoella ironically until the lines of irony blur and you realise that the 20 minutes you immerse yourself into her rose-gold life are the only minutes of peace in your agonising day but also, what’s wrong with her pug? I hope her pug is ok
  25. Nazi Furries are a thing. Avoid
  26. Use Facebook’s birthday reminder to remember that people exist and delete them from your Friends list
  27. When a person you deleted from your Friends list inexplicably comes up to you IRL and says “Why?” pretend that your little cousin Jeff got into your account
  28. Don’t let your little cousin Jeff into your account
  29. “Like” the fact your friend got engaged even if you don’t actually like the fact she is reminding you of the gradual ebbing away of your youth
  30. No one cares about your political opinion and if they act like they do then I regret to inform you, they want to have sex with you
  31. Please don’t leave a banterous comment on your local Nando’s Facebook page, for it is not 2009
  32. Accept that the viral Gods choose you, you do not choose them
  33. Joke about your mental health via a relatable meme that is actually an agonising scream into the void
  34. Share texts from your mum and mock them with internet strangers because even though she pushed you out of her vagina and gave up her entire life to help you thrive as a person, she can’t correctly use emojis
  35. Follow DJ Khaled
  36. Decide that “Best wishes” is too blah and “Sincerely” is too formal and instead sign off your important email with “Happy bonfire night”” even though that is not a thing people say
  37. If someone from primary school adds you as Friend in 15 years, accept them but never speak again
  38. The mute button is God’s greatest gift
  39. Do not tell me a clown will kill me after midnight if I don’t like your comment because that is not a promise you can keep
  40. Don’t steal photos of other people’s pets
  41. Accept that incorrect "your"s and "you’re"s are not going anywhere and save yourself the time 

Amelia Tait is a technology and digital culture writer at the New Statesman.